Cyber Technology and...

Cyber Technology and Information Security Laboratory (CTISL)

A new generation of cyber warriors has suited up for battle and is
targeting U.S. interests. GTRI is a leader in developing the
technologies that secure, defend, and respond to threats within our
country’s information, distribution, and network systems on the
virtual battlefield. GTRI experts are tackling tough security issues
within military and non-military networks, developing new tools and
methods for securing information, educating and increasing awareness
in the cyber domain, and applying leading technologies in network
design to keep us safe now — and in the future.

Reverse Engineering, Vulnerability Identification, and Exploitation

CTISL's Network Vulnerability Division (NVD) concentrates on exploitation and reconstruction of information in the form of signals, communication protocols, and application and embedded binaries. NVD engineers determine hardware and software vulnerabilities and reconstruct signals to determine overt and covert methods of exploitation. Threat countermeasures span a wide range, from "conventional" radio frequency (RF) jamming/denial-of-service to offensive computer network operations tactics.

Providing support to the U.S. military for more than 20 years, NVD engineers are well-versed in assessing the operating capabilities and vulnerabilities of communications and routing equipment. The division also supports various other government agencies and industry sponsors in countering adversary information networks.

Resilient Network Systems Engineering

CTISL's Command and Control Mission Assurance Division (C2MA) concentrates on design and fielding of resilient information distribution systems. Cutting edge technologies, including secure network enclaves, virtualization, multi-level security, and adaptive quality of service management, are applied to construct joint command and control systems for combat operations. The division's solutions have been accredited, tested, and fielded for ground, air, and maritime operations centers. Many of these systems have been deployed around the globe for a variety of operations, such as the Haiti humanitarian relief effort.

CTISL’s Emerging Threats and Countermeasures (ETCM) Division performs research in the areas of malicious software analysis, network and media intelligence gathering, and unique clustering and analytic visualization tools to provide cyber situational awareness. ETCM has developed “Apiary" (formerly Titan) a repository of more than 23 million malware samples that provide to the community automated analysis and threat reporting. Leveraging the Apiary framework, other ETCM tools such as spear phishing utilize the intelligence data to perform sophisticated clustering and grouping to reveal hidden relationships. ETCM develops custom algorithms, frameworks, and visualizations to support the detection of targeted malware and other sophisticated threats. ETC also provides unique penetration testing services and consultation to help customers comprehensive information security programs.

Multi-Level, Secure Software Systems and Collaboration Tools

CTISL's Secure Information Systems (SIS) Division concentrates on the design and development of secure real-world, multi-level information sharing applications. Both hardware and software design methodologies are combined to deliver information exchange solutions that pass the rigorous testing required to operate on the nation’s most secure networks. SIS solutions are nationally recognized within the government as state-of-the-art, affordable, secure, and scalable.

Although much hype exists about the threat of cyber attacks, many organizations still fail to understand the costs of data exfiltration, network disruptions, and other nefarious actions that may result from a cyber attack. Perimeter protection, although necessary, is not enough. CTISL is dedicated to “Equipping and Educating the Good Guys.” To that end, CTISL cyber security experts provide tailored educational opportunities, hacker competitions, emerging threat conferences, threat landscape reports, and other outreach activities. We believe that effective information security programs must first be grounded in education and training as threats become more and more sophisticated.